Keeping Your Organisation Safe: Practical Cyber Security Tips

August 22, 2024
Article by:
The I.T Team

In today's rapidly evolving digital landscape, security is more critical than ever. From hyper-targeted phishing attempts to the rise of deepfakes, organisations must be vigilant to protect their assets and sensitive information.

Below, we outline some practical security concerns that every organisation should prioritise, along with actionable steps to mitigate these risks.

1. Hyper-Targeted Phishing Attempts

Phishing attacks have come a long way from those generic emails we’ve all seen. Nowadays, cybercriminals are getting personal, tailoring their attacks to specific individuals within your organisation, which could become even more sophisticated with the rise of AI.

Consider the types of emails your team might receive regularly, especially those that ask for credentials. For your finance team, this could be a phishing attempt disguised as communication from your bank or accounting system. For your broader team, it might be a Microsoft 365 email encouraging them to download a seemingly important document. The more familiar the email appears, the greater the risk it presents.

How It Works: Attackers gather information from social media, professional networks like LinkedIn, and even past data breaches. Armed with this knowledge, they craft convincing emails that appear to come from a coworker or trusted service provider, making them particularly dangerous.

What You Can Do: Advanced email filtering tools can help catch these sneaky phishing attempts. However, designing custom phishing simulations, where you target particular groups in your organisation with “familiar” emails, is also a great way to keep your team on their toes.

2. The Threat of Deepfakes

Deepfakes are another emerging threat. These AI-generated media can convincingly mimic voices or images, making it easier for attackers to impersonate trusted individuals. Deepfakes are created using AI algorithms that study existing audio and video footage of a person. The AI learns to replicate the voice and facial movements, creating a highly convincing fake. The more data available online, the easier it becomes to make these deepfakes.

A notable example for a New Zealand organisation is the ZURU incident in 2023, which highlights just how sophisticated deepfakes have become. In this case, the CFO, Christian Pellone, was targeted by a deepfake Microsoft Teams call where his boss appeared on video, seemingly muted due to "audio issues," and asked him to make cash transfers. Fortunately, Pellone recognised the red flags. The WhatsApp message he received came from an unfamiliar number, even though the profile photo matched his boss’s. During the Teams call, the person on camera looked exactly like his boss, but the text exchanges and the situation didn’t quite add up. His awareness that what he was experiencing wasn’t normal saved the company from potential fraud.

These tools are evolving rapidly, and their quality will only improve. Have you considered how you might protect your organisation from a realistic deepfake? You might consider establishing offline codewords or unique identifiers within your organisation to confirm someone’s identity.

3. Securing Your Third-Party Software and Managing Application Installations

Third-party software is a lifeline for many businesses, but it can also be a potential security risk if not handled carefully. Older or lesser-known applications might not have the best security measures, leaving them open to exploitation. That’s why regularly auditing your third-party software is crucial—ensuring updates are applied, Multi-Factor Authentication (MFA) is enabled, and Single Sign-On (SSO) is implemented wherever possible. It’s also important to be clear about who’s responsible for managing these security aspects—is it your internal team or your IT provider? Sometimes, the lines of responsibility can get a bit blurry. Plus, when employees leave, the software they had access to can become a security threat. Having a solid process for revoking access when someone exits the company can go a long way in keeping things secure.

Now, have you ever wondered what all your team members have installed on their devices? You might be surprised at the range of applications they’re using—some of which they might have installed to optimise their tasks, or which might have nothing to do with their work. Unmonitored or unapproved software can become a gateway for security vulnerabilities. If restricting installations through limited Windows accounts isn’t an option, tools like ThreatLocker can help you take control. ThreatLocker allows you to create an “allowlist” of approved applications, blocking everything else from being installed. This drastically reduces the risk of harmful software sneaking in. When users want to download a new application, ThreatLocker will request approval. Having someone with security expertise oversee this process is key to making sure it’s effective, and this is a service we provide to our customers.

Clear guidelines can help ensure everyone is on the same page about which software is approved for business use. By staying proactive about software management and keeping a close watch on installations, you’re taking crucial steps to protect your organisation from potential security threats.

4. Password Management: Best Practices

Passwords are a key part of security, but they’re often not managed as well as they should be.

Password managers can make handling complex passwords both secure and easy. These tools store your passwords in encrypted vaults, which helps reduce the risk of theft. However, it’s important to be cautious with browser-based password managers, as they can be a target for hackers.

Centrally managed password managers, like LastPass or 1Password, offer an extra layer of security and are a better choice than the local browser-based vaults.

We strongly recommend rolling out a centrally managed password manager across your organisation. It’s also vital to educate your employees on why long, complex passwords matter. A good password manager will remind users when it’s time to update their passwords. This helps ensure that everyone follows best practices, such as using a mix of letters, numbers, and symbols, and changing passwords regularly. By taking these steps, you can greatly improve your organisation's security and minimise the risk of unauthorised access.

5. Backup Strategies: Immutable Backups & Regular Reviews

Immutable backups are a crucial component of a robust cybersecurity strategy. In the event of a cyberattack, particularly ransomware, having backups that cannot be altered or deleted ensures that your data remains intact and recoverable, even if your environment is compromised. This level of protection can be the difference between a minor disruption and a major crisis.

It’s essential to work closely with your IT provider to set up immutable backups and regularly review your backup strategy. A good IT partner will help you ensure that the right data is being backed up and that your backup system is thoroughly tested on a regular basis. This way, you can be confident that your backups will be there when you need them most, providing a reliable safeguard against potential data loss.

6. Principle of Least Privilege

The "Principle of Least Privilege" refers to limiting access to sensitive data, ensuring that employees have only the permissions necessary to perform their jobs. Not everyone needs access to everything, and by enforcing this principle, you can significantly strengthen your security posture. But how does this apply in practice?

Assigning Permissions to New Users: When new users join your organisation, it’s crucial to assess their role and determine the minimum level of access they need to perform their job effectively. Implementing role-based access controls simplifies this process by assigning permissions based on predefined roles, ensuring consistency and reducing the risk of over-provisioning access.

Approving Permission Changes: Establishing a clear approval process for any changes to permissions is equally important. Typically, this involves a request submitted by the user or their manager, which is then reviewed by a supervisor or IT administrator. All changes should be logged and periodically audited to ensure that no unnecessary or risky permissions have been granted.

These practices are often associated with tools like Microsoft 365, but it’s essential to apply them across all software products within your organisation.

Regularly reviewing and updating permissions is crucial, as it helps ensure that access rights remain aligned with each user's current role and responsibilities, further safeguarding your organisation’s sensitive information.
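As an added illustration of the role-based assignment and periodic audit described above (this is not the article's own material; the roles, permissions and change-log entries are constructed sample data, not any real tenant), the following script flags every grant that exceeds a user's role baseline and reports whether the change log shows an approval for it:

```python
"""Least-privilege audit over constructed sample data (not a real tenant):
each user's grants are compared with their role baseline, and any extra
grant is checked against the change log for a recorded approval."""
from dataclasses import dataclass

# Constructed role baselines: the minimum permissions each job needs.
ROLE_BASELINE = {
    "finance": {"erp.read", "erp.post_invoices", "mail.send"},
    "sales": {"crm.read", "crm.write", "mail.send"},
    "it_admin": {"erp.read", "crm.read", "mail.send", "admin.users"},
}

# Constructed snapshot of what each user actually holds today: (role, grants).
CURRENT_GRANTS = {
    "alice": ("finance", {"erp.read", "erp.post_invoices", "mail.send"}),
    "bob": ("sales", {"crm.read", "crm.write", "mail.send", "erp.post_invoices"}),
    "carol": ("sales", {"crm.read", "crm.write", "mail.send", "admin.users"}),
    "dave": ("contractor", {"crm.read"}),  # role with no defined baseline
}

# Constructed change log: (user, permission, requested_by, approved_by).
CHANGE_LOG = [
    ("bob", "erp.post_invoices", "bob.manager", "it_admin"),
    ("carol", "admin.users", "carol", None),  # requested, never approved
]


@dataclass(frozen=True)
class Finding:
    user: str
    permission: str
    reason: str  # approved_exception | unapproved_grant | unknown_role


def audit(baseline, grants, change_log):
    """Return one Finding per grant outside the user's role baseline.
    Approved exceptions are still reported so the periodic review can
    re-confirm they are needed; unapproved grants and unknown roles are
    the over-provisioning cases to act on first."""
    approved = {(u, p) for u, p, _requester, approver in change_log if approver}
    findings = []
    for user, (role, perms) in sorted(grants.items()):
        if role not in baseline:
            findings.extend(Finding(user, p, "unknown_role") for p in sorted(perms))
            continue
        for perm in sorted(perms - baseline[role]):
            reason = "approved_exception" if (user, perm) in approved else "unapproved_grant"
            findings.append(Finding(user, perm, reason))
    return findings
```

Running `audit(ROLE_BASELINE, CURRENT_GRANTS, CHANGE_LOG)` on the sample data reports bob's approved exception, carol's unapproved admin grant, and dave's undefined role, while alice, who matches her baseline exactly, produces no finding.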

7. Incident Response Planning: Security Incident Simulations (SIS)

An incident response plan is only as effective as the preparation behind it. Have you tested your plan against real-world scenarios and legal responsibilities? Even incidents that aren’t directly related to your organisation can offer valuable opportunities to refine your response strategy. For example, do you know how your organisation would have responded to an event like the 2024 CrowdStrike update?

Preparing for worst-case scenarios is crucial—what if your organisation was breached despite all protections? While your IT team will handle the technical aspects of the response, is your organisation prepared as a whole? Consider who would lead the response, how internal communication would be managed during downtime, and how customers would be kept informed.

We have found that conducting Security Incident Simulations (SIS) is highly effective in enhancing our customers' preparedness.

Conclusion

If any of these areas raise concerns or if you'd like to discuss how to improve your organisation's security, our Business Improvement Team is here to help. We offer comprehensive Security Incident Simulation exercises to test your incident response plan and ensure you're prepared for any eventuality.

Don't wait for a security breach to act. Book a call with us today to fortify your defences and safeguard your organisation. Let's start the conversation about how we can enhance your IT security together.
